Docker: 企业级镜像仓库Harbor的使用

上一节,演示了Harbor的安装部署

这次我们来讲解 Harbor的使用。

我们需要了解到:

1. 如何推镜像到镜像仓库

2. 如何从镜像仓库拉取镜像 

3. 如何运行从私有仓库拉取的镜像

# 查看 harbor服务状态,都是up说明 harbor服务状态正常
[root@192 harbor]# docker-compose ps

 如果状态不对,使用docker-compose restart重启,或者使用docker-compose up -d 启动容器,并后台运行

 

浏览器打开 http://192.168.1.30 用户名:admin 密码:Harbor123456(在harbor.cfg配置的默认密码,在部署harbor过程中没有修改过,所以用默认密码登录)

可以通过[新建项目]来创建项目,

访问级别:公开,代表不需要登陆账号就拉取(下载)镜像; 私有,代表必须有登陆账号和账号的项目权限正确才可以拉取(下载)镜像; 不管什么访问级别,推送(上传)镜像到harbor仓库,必须先登陆账号,并且登陆账号的项目权限正确。 

 新建了一个用户:testuser1,密码:Test12345567;

给用户testuser1添加library项目的权限

 docker和harbor之间交互的基本使用:

1、配置http镜像仓库可信任(docker默认是通过https访问harbor的,但是私有仓库是在公司内网的话,没有必要配置https, 所以我们要在daemon.json配置harbor服务器地址被docker认为是可信任的站点;如果docker通过https访问harbor,就不需要进行如下设置)
# vi /etc/docker/daemon.json
{"insecure-registries":["192.168.1.30"]}

格式不能写错,修改该配置后,需要重启docker服务,如果写错,重启docker会有问题。
# systemctl restart docker  #重启docker的话,要留意一下,通过docker启动的容器是否正常运行, harbor就启动在docker容器里的,所以需要用docker-compose ps查看harbor服务状态,如果harbor状态不全是Up状态,那么使用 docker-compose up -d 再次启动所有
2、打标签
# docker tag centos:6 192.168.1.30/library/centos:6
3、上传
# docker push 192.168.1.30/library/centos:6
4、下载
# docker pull 192.168.1.30/library/centos:6

 

#修改docker的配置文件daemon.json(docker通过http访问harbor的话,需要配置harbor的服务器地址为可信任;如果通过https方式访问harbor,这里不需要修改)
[root@192 harbor]# vi /etc/docker/daemon.json 
[root@192 harbor]# cat /etc/docker/daemon.json 
{"registry-mirrors": ["http://f1361db2.m.daocloud.io"],
"insecure-registries":["192.168.1.30"]
}
#重启docker
[root@192 harbor]# systemctl restart docker
#重启查看harbor状态,因为harbor也是运行在docker容器里的,容器服务重启,相应的容器也要检查一下状态是否正常 
[root@192 harbor]# docker-compose ps
       Name                     Command                       State                     Ports          
-------------------------------------------------------------------------------------------------------
harbor-adminserver   /harbor/start.sh                 Exit 137                                         
harbor-db            /entrypoint.sh postgres          Exit 255                                         
harbor-jobservice    /harbor/start.sh                 Exit 137                                         
harbor-log           /bin/sh -c /usr/local/bin/ ...   Up (health: starting)   127.0.0.1:1514->10514/tcp
harbor-ui            /harbor/start.sh                 Up (health: starting)                            
nginx                nginx -g daemon off;             Exit 128                                         
redis                docker-entrypoint.sh redis ...   Exit 128                                         
registry             /entrypoint.sh /etc/regist ...   Up (health: starting)   5000/tcp  
#(没有的)创建和有的直接启动容器,-d参数代表在后台运行服务
[root@192 harbor]# docker-compose up -d
harbor-log is up-to-date
Starting harbor-db ... 
registry is up-to-date
Starting harbor-adminserver ... 
Starting redis              ... 
harbor-ui is up-to-date
Starting harbor-jobservice  ... 
Starting nginx              ... 
#查看harbor服务状态
[root@192 harbor]# docker-compose ps
       Name                     Command                       State                          Ports               
-----------------------------------------------------------------------------------------------------------------
harbor-adminserver   /harbor/start.sh                 Up (health: starting)                                      
harbor-db            /entrypoint.sh postgres          Up (health: starting)   5432/tcp                           
harbor-jobservice    /harbor/start.sh                 Up                                                         
harbor-log           /bin/sh -c /usr/local/bin/ ...   Up (healthy)            127.0.0.1:1514->10514/tcp          
harbor-ui            /harbor/start.sh                 Up (health: starting)                                      
nginx                nginx -g daemon off;             Up (health: starting)   0.0.0.0:443->443/tcp,              
                                                                              0.0.0.0:4443->4443/tcp,            
                                                                              0.0.0.0:80->80/tcp                 
redis                docker-entrypoint.sh redis ...   Up                      6379/tcp                           
registry             /entrypoint.sh /etc/regist ...   Up (healthy)            5000/tcp   
#列出docker镜像
[root@192 harbor]# docker images
REPOSITORY                      TAG                 IMAGE ID            CREATED             SIZE
tomcat                          v1                  5f8fe4ca82ba        7 hours ago         427MB
php                             v1                  d48e00d7de94        7 hours ago         514MB
nginx                           v1                  a5412fe37cac        7 hours ago         361MB
nginx                           latest              881bd08c0b08        9 days ago          109MB
mysql                           5.7                 ee7cbd482336        9 days ago          372MB
busybox                         latest              d8233ab899d4        3 weeks ago         1.2MB
centos                          7                   1e1148e4cc2c        3 months ago        202MB
centos                          latest              1e1148e4cc2c        3 months ago        202MB
goharbor/chartmuseum-photon     v0.7.1-v1.6.1       f0a2dbee1ff1        4 months ago        350MB
goharbor/harbor-migrator        v1.6.1              60e8be845b35        4 months ago        798MB
goharbor/redis-photon           v1.6.1              6a67380bb061        4 months ago        210MB
goharbor/clair-photon           v2.0.6-v1.6.1       c4fcdbae7df2        4 months ago        302MB
goharbor/notary-server-photon   v0.5.1-v1.6.1       f1afd44d9f9b        4 months ago        209MB
goharbor/notary-signer-photon   v0.5.1-v1.6.1       83aa51867207        4 months ago        207MB
goharbor/registry-photon        v2.6.2-v1.6.1       f4cb5e83f0a4        4 months ago        196MB
goharbor/nginx-photon           v1.6.1              9ca888fe33b2        4 months ago        132MB
goharbor/harbor-log             v1.6.1              9b1ea3f29465        4 months ago        198MB
goharbor/harbor-jobservice      v1.6.1              9ca6fd371ca6        4 months ago        192MB
goharbor/harbor-ui              v1.6.1              305ee5b8952c        4 months ago        215MB
goharbor/harbor-adminserver     v1.6.1              a3e95f74984e        4 months ago        181MB
goharbor/harbor-db              v1.6.1              3bea3bff0190        4 months ago        219MB
java                            8                   d23bdf5b1b1b        2 years ago         643MB
# 配置 php:v1这个镜像,推送到哪里去,这里推送到私有仓库地址
[root@192 harbor]# docker tag php:v1 192.168.1.30/library/php:v1 # docker登陆镜像仓库,成功 [root@192 harbor]# docker login 192.168.1.30 username:testuser1 password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store # 下次再登陆,不需要重复输入用户名,密码 [root@192 harbor]# docker login 192.168.1.30 Authenticating with existing credentials... WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded #推送到Harbor镜像仓库 [root@192 harbor]# docker push 192.168.1.30/library/php:v1 The push refers to repository [192.168.1.30/library/php] v1: digest: sha256:dff46139f7bbcaf014ef2f1b9a564b99fdf0fd6cedbce965d01e6ad4091566bb size: 1370 # 将nginx:v1打上推送到镜像仓库的地址标签,并推送 [root@192 harbor]# docker tag nginx:v1 192.168.1.30/library/nginx:v1 [root@192 harbor]# docker push 192.168.1.30/library/nginx:v1 The push refers to repository [192.168.1.30/library/nginx] v1: digest: sha256:4b4183c9fc6af4479c0b9632f13076c4276c83ccdc32784b521225f878963c74 size: 1159 # 将tomcat:v1打上推送到镜像仓库的地址标签,并推送 [root@192 harbor]# docker tag tomcat:v1 192.168.1.30/library/tomcat:v1 [root@192 harbor]# docker push 192.168.1.30/library/tomcat:v1 The push refers to repository [192.168.1.30/library/tomcat] v1: digest: sha256:37a025411fc5250673100c51cc60a48878695c9f1f59c953a6751f21b9db18df size: 952 #从镜像仓库拉取nginx:v1 [root@192 harbor]# docker pull 192.168.1.30/library/nginx:v1 v1: Pulling from library/nginx Digest: sha256:4b4183c9fc6af4479c0b9632f13076c4276c83ccdc32784b521225f878963c74 Status: Image is up to date for 192.168.1.30/library/nginx:v1 [root@192 harbor]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.1.30/library/tomcat v1 5f8fe4ca82ba 7 hours ago 427MB tomcat v1 5f8fe4ca82ba 7 hours ago 427MB 192.168.1.30/library/php v1 d48e00d7de94 8 hours ago 514MB php v1 d48e00d7de94 8 hours ago 514MB 192.168.1.30/library/nginx v1 a5412fe37cac 8 hours ago 361MB nginx v1 a5412fe37cac 8 hours ago 361MB nginx latest 881bd08c0b08 9 days ago 109MB mysql 5.7 ee7cbd482336 9 days ago 372MB busybox latest d8233ab899d4 3 weeks ago 1.2MB centos 7 1e1148e4cc2c 3 months ago 202MB centos latest 1e1148e4cc2c 3 months ago 202MB goharbor/chartmuseum-photon v0.7.1-v1.6.1 f0a2dbee1ff1 4 months ago 350MB goharbor/harbor-migrator v1.6.1 60e8be845b35 4 months ago 798MB goharbor/redis-photon v1.6.1 6a67380bb061 4 months ago 210MB goharbor/clair-photon v2.0.6-v1.6.1 c4fcdbae7df2 4 months ago 302MB goharbor/notary-server-photon v0.5.1-v1.6.1 f1afd44d9f9b 4 months ago 209MB goharbor/notary-signer-photon v0.5.1-v1.6.1 83aa51867207 4 months ago 207MB goharbor/registry-photon v2.6.2-v1.6.1 f4cb5e83f0a4 4 months ago 196MB goharbor/nginx-photon v1.6.1 9ca888fe33b2 4 months ago 132MB goharbor/harbor-log v1.6.1 9b1ea3f29465 4 months ago 198MB goharbor/harbor-jobservice v1.6.1 9ca6fd371ca6 4 months ago 192MB goharbor/harbor-ui v1.6.1 305ee5b8952c 4 months ago 215MB goharbor/harbor-adminserver v1.6.1 a3e95f74984e 4 months ago 181MB goharbor/harbor-db v1.6.1 3bea3bff0190 4 months ago 219MB java 8 d23bdf5b1b1b 2 years ago 643MB
有个规则:给镜像打好标签后,用docker images是看不到镜像的变化的, 只有通过dockor push 把镜像推送到harbor仓库后, docker images才会看到有新增的镜像

验证结果:


下面演示如何从私有镜像仓库Harbor拉取镜像并运行 nginx, php, 假设 Docker: 快速搭建LNMP网站平台 里面创建的容器,删除掉,只保留lnmp_mysql

[root@192 nginx]# docker container rm -f lnmp_nginx
lnmp_nginx
[root@192 nginx]# docker container rm -f lnmp_php
lnmp_php
#运行没什么特别,就是把镜像名和标签换成私有仓库的就可以 [root@
192 nginx]# docker run -d --name lnmp_php --net lnmp --mount src=wwwroot,dst=/wwwroot 192.168.1.30/library/php:v1 c3624fb185f93351af97bea35a604155b52b2e4eca600d5be4e4e5be93b1ee7f [root@192 nginx]# docker run -d --name lnmp_nginx --net lnmp -p 88:80 --mount type=bind,src=$(pwd)/nginx.conf,dst=/usr/local/nginx/conf/nginx.conf --mount src=wwwroot,dst=/wwwroot 192.168.1.30/library/nginx:v1 3cc9715ef1f0bb9b4039c3aa58a3508d14f3825e8b275e2a50467b7e037709b6 [root@192 nginx]# docker container ls -l CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 3cc9715ef1f0 192.168.1.30/library/nginx:v1 "nginx -g 'daemon of…" 11 seconds ago Up 9 seconds 0.0.0.0:88->80/tcp lnmp_nginx [root@192 nginx]# docker container ls -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 3cc9715ef1f0 192.168.1.30/library/nginx:v1 "nginx -g 'daemon of…" 22 seconds ago Up 20 seconds 0.0.0.0:88->80/tcp lnmp_nginx c3624fb185f9 192.168.1.30/library/php:v1 "php-fpm" About a minute ago Up About a minute 9000/tcp lnmp_php 9b2acdc4e0d4 192.168.1.30/library/php:v1 "--name lnmp_php" 9 minutes ago Created 9000/tcp gracious_borg 31416cb93251 192.168.1.30/library/php:v1 "-name lnmp_php" 10 minutes ago Created 9000/tcp vigorous_wiles 679f5aa83443 5f8fe4ca82ba "catalina.sh run" 15 hours ago Up 15 hours 0.0.0.0:99->8080/tcp gifted_gates ce152fffc931 goharbor/harbor-jobservice:v1.6.1 "/harbor/start.sh" 29 hours ago Up 28 hours harbor-jobservice d5a971fcf319 goharbor/nginx-photon:v1.6.1 "nginx -g 'daemon of…" 29 hours ago Up 28 hours (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx 197b6f639c4b goharbor/harbor-ui:v1.6.1 "/harbor/start.sh" 29 hours ago Up 28 hours (healthy) harbor-ui 443fd0c18620 goharbor/harbor-db:v1.6.1 "/entrypoint.sh post…" 29 hours ago Up 28 hours (healthy) 5432/tcp harbor-db 4943f885123b goharbor/harbor-adminserver:v1.6.1 "/harbor/start.sh" 29 hours ago Up 28 hours (healthy) harbor-adminserver d29f080f8615 goharbor/redis-photon:v1.6.1 "docker-entrypoint.s…" 29 hours ago Up 28 hours 6379/tcp redis 5130724e6c5b goharbor/registry-photon:v2.6.2-v1.6.1 "/entrypoint.sh /etc…" 29 hours ago Up 28 hours (healthy) 5000/tcp registry 737c956d3c64 goharbor/harbor-log:v1.6.1 "/bin/sh -c /usr/loc…" 29 hours ago Up 28 hours (healthy) 127.0.0.1:1514->10514/tcp harbor-log 845547a65a14 mysql:5.7 "docker-entrypoint.s…" 34 hours ago Up 19 hours 3306/tcp, 33060/tcp lnmp_mysql f4f3056e14b6 mysql:5.7 "docker-entrypoint.s…" 34 hours ago Exited (1) 34 hours ago objective_wozniak [root@192 nginx]# docker container ls -a|grep lnmp 3cc9715ef1f0 192.168.1.30/library/nginx:v1 "nginx -g 'daemon of…" 29 seconds ago Up 27 seconds 0.0.0.0:88->80/tcp lnmp_nginx c3624fb185f9 192.168.1.30/library/php:v1 "php-fpm" About a minute ago Up About a minute 9000/tcp lnmp_php 845547a65a14 mysql:5.7 "docker-entrypoint.s…" 34 hours ago Up 19 hours 3306/tcp, 33060/tcp lnmp_mysql [root@192 nginx]# docker container ls -a|grep lnmp 3cc9715ef1f0 192.168.1.30/library/nginx:v1 "nginx -g 'daemon of…" About a minute ago Up About a minute 0.0.0.0:88->80/tcp lnmp_nginx c3624fb185f9 192.168.1.30/library/php:v1 "php-fpm" 2 minutes ago Up 2 minutes 9000/tcp lnmp_php 845547a65a14 mysql:5.7 "docker-entrypoint.s…" 34 hours ago Up 19 hours 3306/tcp, 33060/tcp lnmp_mysql

打开浏览器看一下:


到此,测试从私有仓库harbor上拉取镜像,并运行,测试通过。

这里需要注意的是, php,nginx运行是有顺序的,需要先运行 php,在运行nginx.

因为nginx.cnf配置文件里,配置了转发到lnmp_php,找不到这个服务器, nginx服务就会退出 。


 

作者: 梅梅~

出处: https://www.cnblogs.com/keeptesting

关于作者:专注软件测试,测试运维相关工作,请多多赐教!

本文版权归作者和博客园共有,欢迎转载,但未经作者同意必须保留此段声明,且在文章页面明显位置给出, 原文链接 欢迎沟通交流加微信联系。 微信:yangguangkg20140901 暗号:博客园.







posted on 2019-03-20 23:11  梅梅~  阅读(...)  评论(...编辑  收藏

导航